Re: Two Ldaps Authentication
Message: 6
Date: Fri, 16 Jun 2006 09:44:29 -0700 (PDT)
From: fvt3 <fvt3@yahoo.com>
Subject: Re: Two Ldaps Authentication
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Message-ID: <20060616164429.4187.qmail@web42106.mail.mud.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1
Alan,
This is what I have in my radius.conf
Autz-Type LDAP1 {
        ldap_ldap1 {
                invalid = return
        }
        ldap_ldap2
}
Auth-Type LDAP1 {
        redundant {
                ldap_ldap1 {
                }
                ldap_ldap2
        }
}

users file:

DEFAULT Auth-Type = LDAP1
        Fall-Through = No,
        Reply-Message = "ldap login"

I'm forcing radius to look up the user in ldap1 (ldap) and
ldap2 (Active Directory). The same user name can
reside on both db backends. With this setup, radius
only works if the user name does not exist on both dbs.
If user John is on both dbs, it would only
authenticate off LDAP1 and not in LDAP2.
Here is my log
<snip>
Correct... this is the way you have it configured.
As long as ONE ldap server answers the request (whether it be an
authentication allowed or rejected) it still answered, so it won't fail
over to the next ldap server...
--- Alan DeKok
--
Terry J Fike Jr
System Administrator
MTA Solutions
907-793-4100
tfike@mtasolutions.com
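
The fail-over rule described in the reply above, as a small Python model (an added example, not part of the original messages and not FreeRADIUS code). The directory contents, passwords and the `overrides` parameter are constructed for illustration; only the module names come from the posted configuration.

```python
# Simplified model of a "redundant" section: each module returns a code and
# an action table decides whether to stop ("return") or try the next module.
# Only "fail" (no answer from the server) moves on by default, as the reply says.
REDUNDANT_DEFAULTS = {"ok": "return", "reject": "return", "fail": "next"}


def make_ldap(name, directory, up=True):
    """Stand-in LDAP module over a constructed {user: password} dict."""
    def module(user, password):
        if not up:
            return "fail"      # server unreachable: no answer at all
        if directory.get(user) == password:
            return "ok"        # server answered: credentials accepted
        return "reject"        # server answered: credentials refused
    module.name = name
    return module


def run_redundant(modules, user, password, overrides=None):
    """Return (final_code, names_of_modules_consulted)."""
    consulted, code = [], "fail"
    for mod in modules:
        # Hypothetical per-module overrides, in the spirit of `invalid=return`.
        actions = dict(REDUNDANT_DEFAULTS, **(overrides or {}).get(mod.name, {}))
        code = mod(user, password)
        consulted.append(mod.name)
        if actions[code] == "return":
            break
    return code, consulted


# Constructed sample data: John exists in both directories, different passwords.
LDAP1 = {"john": "ldap-secret"}
LDAP2 = {"john": "ad-secret"}

if __name__ == "__main__":
    both_up = [make_ldap("ldap_ldap1", LDAP1), make_ldap("ldap_ldap2", LDAP2)]
    ldap1_down = [make_ldap("ldap_ldap1", LDAP1, up=False), make_ldap("ldap_ldap2", LDAP2)]
    # ldap_ldap1 answers with a reject, so ldap_ldap2 is never consulted.
    print(run_redundant(both_up, "john", "ad-secret"))
    # ldap_ldap1 gives no answer, so the section fails over to ldap_ldap2.
    print(run_redundant(ldap1_down, "john", "ad-secret"))
    # Treating a reject as "next" consults both: either password then works.
    print(run_redundant(both_up, "john", "ad-secret", {"ldap_ldap1": {"reject": "next"}}))
```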